========================================================================
Exposing Eric “Loki” Hines and Fate Labs.
I am an ex-member of ‘Fate Labs’, as such I feel I can give you some incites
into the fraudulent activities of their ‘founder’ Eric “Loki” Hines.
Eric Hines solicited a well known Web defacer who was a member of the
defacement group known as the “World of Hell” to join Fate Labs; this member
was known as “[RaFa]” whom was appointed to the position of the “Senior
Research Scientist” for Fate Labs in 2001 by Eric Hines.
This is rather contradictory considering “Fate Labs” is a collection of
Internet security professionals according to the Fate Labs Web page.
“[RaFa]” title as the “Senior Research Scientist” for Fate Labs can be seen
in an article from ZDnet
http://news.zdnet.co.uk/story/0,,t269-s2094091,00.html
This relationship caused trouble for Fate Labs when “[RaFa]” defaced a
company’s website that lost employees in the attacks on the World Trade
Center with a clueless speech about ‘anti-terrorism’ this was done with his
group known as “The Dispatchers” whose Mission was to target “terrorists
everywhere”. Ironic
A news article was written about “[RaFa]”’s mistake in defacing the Web site
of a victim of terrorism.
http://www.intellnet.org/news/2001/09/17/6801-1.html
In order to distance him from the bad publicity now thrown at Fate Labs
because of “[RaFa]” Mr. Hines immediately posted a press release on Fate
Labs Web page saying “[RaFa]” had been dismissed from Fate Labs.
This was not the truth.
Mr. Hines introduced a ‘new” member to Fate Labs whom he claimed worked on
the ‘Peek-a-booty’ program with the “cDc” three days after the press
release.
This in fact was “[RaFa]” using a different nickname!
Eric Hines also claims to work with NIPC and the F.B.I helping in the
apprehension and convictions of computer hackers according to his profile
listed at:
http://www.fatelabs.com/management.php
A log of a conversation between “[RaFa]” and Eric “Loki” Hines appeared on a
Web site which occurred on the IRC Server at irc.fatelabs.com it can be seen
at:
http://www.pasarelaip.com/hemeroteca/ITnews20011002.htm
the FBI wanted me to setup a trap for you that I Wouldnt paricipate
in
so feds were asking you about me?
dood they wanted me to aid them in your arrest
instead of getting upset with me for something you thought i did
towards you was me actually helping you out
well i could tell that it wasnt your environment, I wish you the
best. I just see an enormous talent you in and dont want to see you make any
mistakes
I know, but you arent outside the jurrisdiction of INTERPOL
Thats who has been hounding me about you
That PR is what saved any agents requesting more information on you
i dont know exactly whats going on but i urge you to remain low.. you
have some problems right now that i think are bigger than you understand
uhmm ok..
they are linking you with a bunch of shit.. all i can say is to
really be careful, separate yourself from all that other bullshit
i just worrya bout you like a brother
ok I will
Dispatcher = dead
don't worry
and
logos4u = dead
anyways, i spoke to Jak.. so i know about that
i was getting emails from their cybercrime division
i trashed it immediately, i received a phone call from their
Washington DC office as a followup
i didnt want it in my inbox
they dont know anything about you, their only link to you was Fate
Labs
thats the point for the PR
I wonder what Mr. Hines colleagues at the F.B.I and the NIPC would think
about the fact he is telling a wanted computer criminal that he has received
communication requesting assistance in his capture? Especially since he also
appears to conspire to help “[RaFa]” elude them?
Fate Labs as a security research forum:
Eric Hines cannot write code in any programming language, therefore he
relies on help from other programmers he has recruited into Fate Labs (See
the new recruitment campaign listed on the front page of www.fatelabs.com )
in order to further boost his career as a “Security Professional”.
In his above mentioned profile on www.fatelabs.com the following snippet is
listed:
“He [Eric Hines] continues to be a driving force in continued advancements
of new security technology and vulnerability research.”
In March 2000 nearly all of the programmers left Fate Labs because of their
frustrations with Eric. This affected Fate Labs operations severely, leaving
an almost two year gap in Fate Labs research with no security advisories
issued between 12/05/2000 through 08/05/2002.
If Eric is such a driving force why so long without any new advisories?
There is an advisory that is not listed on www.fatelabs.com which was
released late into 2001, why doesn’t Fate Labs mention this on their current
advisory list? This advisory was released as F8-DLINK20010906.
The vulnerability was found by one of Fate Labs research team, when he
tested his own D-Link Dl-704 Cable/DSL Internet Gateway, unfortunately he
was not running the latest firmware for the device and to Fate Labs
embarrassment found a denial of service vulnerability that had already been
addressed and fixed in the latest vendor firmware.
As mentioned Eric Hines cannot write code, and he could not find anyone to
write this code for his advisory so he claimed that Fate Labs did not write
code for the advisory because it would be a waste of time, and suggested
people use “hping2” or “Jolt.c” to recreate the condition as seen in:
http://archives.neohapsis.com/archives/win2ksecadvice/2001-q3/0102.html
In that advisory he also attacks the people behind anti-security movement,
these people in turn pointed out how useless his advisory was, and made fun
of his claim that he would “Squash their movement” made in Fate Labs
Advisory F8-DLINK20010906
How can someone who cannot write and therefore audit source code claim to be
a vulnerability researcher, a penetration tester and an open disclosure
contributor? Along with his claims of working with NIPC and the F.B.I he
also lists himself as being a Department of Defense contractor and claims
that Fate Labs has the Top Secret clearance required to audit DoD networks.
This is not true, they have no such clearance. Furthermore if he did, can we
trust someone who has assisted a known “script kiddie” to escape justice to
work with the U.S Military and the U.S government in securing their
infrastructure?
Eric Hines also claims on his Fate Labs webpage to have worked in the
Security Industry for Ten years, however he is only twenty three, are we to
believe that not only in Ten years he has not been able to learn a
programming language, but that he has been working with companies since the
tender age of thirteen helping them secure their infrastructure?
His recent “shoutcast” advisory
(http://www.fatelabs.com/advisories/shoutcast-advisory.txt) was a complete
farce; even the vendors did not take it seriously.
However he was recently quoted by “Wired Magazine” telling them he was not
afraid of “Black Hat” reprisals when he releases his exploits:
http://www.wired.com/news/culture/0,1284,54400,00.html
“But Hines said the constant threats he receives from angry black hats will
not frighten Fate Research Labs into sitting on vulnerabilities it
discovers. “
Looking at the caliber of Eric Hines research and vulnerabilities since he
lost his complete programming staff you have to ask if the “Black Hats” are
intimidated by an already patched Denail of service attack vulnerability on
a home Cable/DSL router and a “retrieve password locally” attack on
“ShoutCast” multimedia daemon?
I apologize for the length of this rant; however the “Internet Security”
frauds amongst us have to be exposed.